Bug 865458
| Summary: | Generated task form validation functions need to be rewritten in order to use unicode characters | ||
|---|---|---|---|
| Product: | [JBoss] JBoss Enterprise BRMS Platform 5 | Reporter: | Jiri Svitak <jsvitak> |
| Component: | jBPM 5 | Assignee: | Kris Verlaenen <kverlaen> |
| Status: | VERIFIED --- | QA Contact: | Marek Baluch <mbaluch> |
| Severity: | low | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | BRMS 5.3.1 | CC: | kverlaen, mbaluch |
| Target Milestone: | ER4 | ||
| Target Release: | BRMS 5.3.1 GA | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: |
It was not previously possible to us unicode characters in String fields in generated task forms due to incorrect validation errors occurring. This has been resolved by adding support for utf-8 in the validation functions. User can enter utf-8 characters in task forms and do not see false validation errors.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | Enhancement | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
Great catch - since we use regex built into JS for this, I cannot write an expression that includes unicode characters, so let me know what you would like to do: 1) Remove default error checking in generated forms (easy) 2) Start using a library like http://xregexp.com/plugins/ for example which would allow us to do what you are asking, however would introduce more problems because forms should be stand-alone, and with this we would depend on either hard-coding the library code into the form, or making it available somewhere on the net which is not always easy to do. Let me know if 1) or 2) would work for you or if you have any other ideas. Thanks. For me the simplest solution would be to rewrite current javascript functions to be less limiting in validation. That means they won't control each alphabet character, but they just won't allow to enter dangerous characters like <, >, ' and perhaps more, which create an attacking potential. What do you think? That is better approach. Will do. I don't think we should include any preventions of XSS because if we miss anything users can come back at us :) That should be completely user-driven, is that OK? Added support for UTF-8 in regex expressions..your test case should validate without problems now. Checked into master.Raise blocker flag if this is for 5.3.1. Fixed in 2.3.x Designer branch. Verified in BRMS 5.3.1 ER4. |
Generated task forms do not allow to use unicode characters in String fields. User has to rewrite javascript validating methods manually. In particular this method uses only simple regular expression: function isAlphanumeric(elem){ var alphaExp = /^[a-zA-Z0-9\_ .-@]+$/; if(elem.value.match(alphaExp)){ return true; } else { return false; } } Some validation should be there to prevent cross site scripting attack, but the user should not be limited only to English alphabet, for example the string "příliš žluťoučký kůň úpěl ďábelské ódy" should be possible to enter without additional javascript code modification.